openSUSE-SU-2022:0072-1: moderate: Security update for bitcoin
   openSUSE Security Update: Security update for bitcoin
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0072-1
Rating:             moderate
References:
Cross-References:   CVE-2021-3195
CVSS scores:
                    CVE-2021-3195 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bitcoin fixes the following issues:

   Update to version 0.21.2

   * P2P protocol and network code
     * use NetPermissions::HasFlag() in CConnman::Bind()
     * Rate limit the processing of rumoured addresses
   * Wallet
     * Do not iterate a directory if having an error while accessing it
   * RPC
     * Reset scantxoutset progress before inferring descriptors
   * Build System
     * depends: update Qt 5.9 source url
     * Update Windows code signing certificate
     * Use custom MacOS code signing tool
     * Fix build with Boost 1.77.0
   * Tests and QA
     * Build with --enable-werror by default, and document exceptions
     * Fix intermittent feature_taproot issue
     * Fix macOS brew install command
     * add missing ECCVerifyHandle to base_encode_decode
     * Run fuzzer task for the master branch only
   * GUI
     * Do not use QClipboard::Selection on Windows and macOS.
     * Remove user input from URI error message
     * Draw "eye" sign at the beginning of watch-only addresses
   * Miscellaneous
     * Fix crash when parsing command line with -noincludeconf=0
     * util: Properly handle -noincludeconf on command line (take 2)

   Update to version 0.21.1

   * Consensus:
     * Speedy trial support for versionbits
     * Speedy trial activation parameters for Taproot
   * P2P protocol and network code
     * allow CSubNet of non-IP networks
     * Avoid UBSan warning in ProcessMessage
   * Wallet
     * Introduce DeferredSignatureChecker and have SignatureExtractorClass subclass it
     * Avoid requesting fee rates multiple times during coin selection
   * RPC and other APIs:
     * Disallow sendtoaddress and sendmany when private keys disabled

   CVE-2021-3195

   Update to version 0.21.0:

   * For full details see release-notes-0.21.0.md

   Update to version 0.20.1

   * Mining
     * Fix GBT: Restore "!segwit" and "csv" to "rules" key
   * P2P protocol and network code
     * Replace automatic bans with discouragement filter
   * Wallet
     * Handle concurrent wallet loading
     * Minimal fix to restore conflicted transaction notifications
   * RPC and other APIs
     * Increment input value sum only once per UTXO in decodepsbt
     * psbt: Increment input value sum only once per UTXO in decodepsbt
     * psbt: Include and allow both non_witness_utxo and witness_utxo for segwit inputs
   * GUI
     * Add missing QPainterPath include
     * update Qt base translations for macOS release
   * Misc
     * util: Don't reference errno when pthread fails
     * Fix locking on WSL using flock instead of fcntl

   Update to version 0.20.0:

   * See https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.20.0.md

   - Do not run bitcoind in daemon mode. Running it as a foreground process
     makes it work properly with journald (instead of writing logs in /var/log).

   Update to version 0.19.1:

   * Wallet
     * Fix origfee return for bumpfee with feerate arg
     * Fix unique_ptr usage in boost::signals2
     * Fix issue with conflicted mempool tx in listsinceblock
     * Bug: IsUsedDestination shouldn't use key id as script id for ScriptHash
     * IsUsedDestination should count any known single-key address
     * Reset reused transactions cache
   * RPC and other APIs
     * cli: Fix fatal leveldb error when specifying -blockfilterindex=basic twice
     * require second argument only for scantxoutset start action
     * zmq: Fix due to invalid argument and multiple notifiers
     * psbt: handle unspendable psbts
     * psbt: check that various indexes and amounts are within bounds
   * GUI
     * Fix missing qRegisterMetaType for size_t
     * disable File->CreateWallet during startup
     * Fix comparison function signature
     * Fix uninitialized WalletView::progressDialog
   * Tests and QA
     * Appveyor improvement - text file for vcpkg package list
     * fix "bitcoind already running" warnings on macOS
     * add missing #include to fix compiler errors
   * Platform support
     * Update msvc build for Visual Studio 2019 v16.4
     * Updates to appveyor config for VS2019 and Qt5.9.8 + msvc project fixes
     * bug-fix macos: give free bytes to F_PREALLOCATE
   * Miscellaneous
     * init: Stop indexes on shutdown after ChainStateFlushed callback
     * util: Add missing headers to util/fees.cpp
     * Unbreak build with Boost 1.72.0
     * scripts: Fix symbol-check & security-check argument passing
     * Log to net category for exceptions in ProcessMessages
     * Update univalue subtree

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-72=1

Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):

      bitcoin-qt5-0.21.2-bp153.2.3.1
      bitcoin-test-0.21.2-bp153.2.3.1
      bitcoin-utils-0.21.2-bp153.2.3.1
      bitcoind-0.21.2-bp153.2.3.1
      libbitcoinconsensus-devel-0.21.2-bp153.2.3.1
      libbitcoinconsensus0-0.21.2-bp153.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-3195.html
participants (1): opensuse-security@opensuse.org
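
A post-update check for the package list above, as an added example that is not part of the openSUSE advisory: it reads `name version-release` pairs, as printed by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, and lists every advisory package that is still older than the fixed build. The function names, the sample inventory and the use of GNU `sort -V` as an approximation of RPM's version ordering are assumptions.

```shell
#!/bin/sh
# Added example: flag bitcoin packages older than the build shipped in
# openSUSE-SU-2022:0072-1. Package names and the fixed version-release
# come from the advisory's package list; everything else is illustrative.

FIXED="0.21.2-bp153.2.3.1"
PKGS="bitcoin-qt5 bitcoin-test bitcoin-utils bitcoind libbitcoinconsensus-devel libbitcoinconsensus0"

# older_than A B: true when A sorts strictly before B. GNU sort -V only
# approximates RPM's own comparison (assumption; epochs are ignored).
older_than() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# find_unpatched: reads "name version-release" lines on stdin and prints
# "name installed-version" for each advisory package below FIXED.
find_unpatched() {
    while read -r name ver; do
        case " $PKGS " in
            *" $name "*) ;;          # package is covered by the advisory
            *) continue ;;           # unrelated package or rpm error text
        esac
        if older_than "$ver" "$FIXED"; then
            printf '%s %s\n' "$name" "$ver"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
bitcoind 0.20.1-bp153.1.16
bitcoin-utils 0.21.2-bp153.2.3.1
libbitcoinconsensus0 0.21.0-bp153.1.1
openssl 1.1.1d-11.38.1
bitcoin-qt5 0.21.2-bp153.2.6.1
EOF
}

# On a real system, feed the live inventory instead (rpm's
# "not installed" lines do not match a package name and are skipped):
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' $PKGS | find_unpatched
sample_inventory | find_unpatched
```

Empty output means every installed package from the advisory is at or above the fixed version-release.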